brodriguezala
Article Id 382133
Description: This article describes how to port mirror traffic from specific VLANs using ACLs on FortiSwitch.
Scope: FortiSwitch v6.4.x, v7.x.
Solution

Use cases:

  • The user wants to port mirror traffic from a single VLAN to a sniffer server.
  • Mirroring (spanning) one VLAN from multiple ports at once.

Example:

  • Sniffer server (Wireshark) on port 15.
  • The ports can carry multiple VLANs (data, voice, etc.), and sometimes it is necessary to capture traffic from only one of them. In this scenario, traffic from VLAN 40 will be mirrored.


Configuration (FortiSwitch CLI).
Port mirroring configuration:

config switch mirror
    edit "mirror1"
        set status active
        set dst "port15"
    next
end

Access Control List configuration:

config switch acl ingress
    edit 1
        config action
            set mirror "mirror1"
        end
        config classifier
            set vlan-id 40
        end
        set ingress-interface-all enable    <----- Apply to all interfaces.
    next
end

Traffic from VLAN 40 on all ports is now mirrored to port 15, where the sniffer server receives it. This can be verified by checking the line rate on port15: RX and TX should increase.

diagnose switch physical-port linerate port15
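To confirm from the sniffer side that only the intended VLAN is arriving on port 15, the following Python script counts frames per 802.1Q VLAN ID in a pcap saved from Wireshark on the sniffer server. It is an added example and is not part of this article or of any Fortinet tool; it assumes the mirrored frames reach the sniffer with their VLAN tag intact and that the capture is saved in the classic pcap format. The sample capture embedded in the script is constructed inline so it runs offline.

```python
"""Count frames per 802.1Q VLAN in a pcap captured on the sniffer port.

Added example for checking, from the sniffer side, that a VLAN-filtered
mirror session forwards only the intended VLAN. Standard library only.
"""
import struct

PCAP_MAGIC_BE = 0xA1B2C3D4   # classic pcap magic as read big-endian
PCAP_MAGIC_LE = 0xD4C3B2A1   # same magic when the file is little-endian
LINKTYPE_ETHERNET = 1
ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(vlan_id=None, payload=b"\x00" * 46):
    """Constructed Ethernet frame; carries an 802.1Q tag if vlan_id is given."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("0200c0ffee01")  # locally administered, constructed
    if vlan_id is None:
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    tci = vlan_id & 0x0FFF               # PCP 0, DEI 0, 12-bit VLAN ID
    return dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ETHERTYPE_IPV4) + payload


def build_pcap(frames):
    """Serialise frames into a classic (big-endian) pcap byte string."""
    out = struct.pack("!IHHiIII", PCAP_MAGIC_BE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("!IIII", i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: two frames on VLAN 40, one on VLAN 10, one untagged.
SAMPLE_PCAP = build_pcap([build_frame(40), build_frame(40), build_frame(10), build_frame()])


def iter_frames(pcap_bytes):
    """Yield raw Ethernet frames from a classic pcap byte string."""
    magic = struct.unpack("!I", pcap_bytes[:4])[0]
    if magic == PCAP_MAGIC_BE:
        endian = "!"
    elif magic == PCAP_MAGIC_LE:
        endian = "<"
    else:
        raise ValueError("not a classic pcap file (pcapng is not supported here)")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected an Ethernet capture")
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[pos:pos + 16])
        pos += 16
        yield pcap_bytes[pos:pos + incl_len]
        pos += incl_len


def vlan_id_of(frame):
    """Return the 802.1Q VLAN ID of a frame, or None if it is untagged."""
    if len(frame) < 18:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF


def count_by_vlan(pcap_bytes):
    """Map VLAN ID (None for untagged) to the number of frames seen."""
    counts = {}
    for frame in iter_frames(pcap_bytes):
        vid = vlan_id_of(frame)
        counts[vid] = counts.get(vid, 0) + 1
    return counts


def mirror_is_selective(counts, expected_vlan):
    """True when every captured frame carries the expected VLAN tag."""
    return bool(counts) and set(counts) == {expected_vlan}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PCAP
    result = count_by_vlan(data)
    for vid, n in sorted(result.items(), key=lambda kv: (kv[0] is None, kv[0] or 0)):
        print(f"VLAN {vid if vid is not None else 'untagged'}: {n} frames")
    print("mirror carries only VLAN 40:", mirror_is_selective(result, 40))
```

Run it as `python3 vlan_count.py capture.pcap` against a file saved from Wireshark (choose the pcap format, not pcapng); with no argument it analyses the constructed sample, which deliberately contains frames from VLAN 10 and an untagged frame so the selectivity check reports False. On a correctly filtered mirror session the per-VLAN breakdown should show only VLAN 40.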


Related documents:

FortiSwitch documents:

Technical Tip: SPAN (Port Mirroring)

Technical Tip: Port Mirroring/Spanning with FortiSwitches managed by FortiGate to call recording ser...